![[The AI Show Episode 146]: Rise of “AI-First” Companies, AI Job Disruption, GPT-4o Update Gets Rolled Back, How Big Consulting Firms Use AI, and Meta AI App](https://www.marketingaiinstitute.com/hubfs/ep%20146%20cover.png)
![[FREE EBOOKS] Offensive Security Using Python, Learn Computer Forensics — 2nd edition & Four More Best Selling Titles](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![Ditching a Microsoft Job to Enter Startup Purgatory with Lonewolf Engineer Sam Crombie [Podcast #171]](https://cdn.hashnode.com/res/hashnode/image/upload/v1746753508177/0cd57f66-fdb0-4972-b285-1443a7db39fc.png?#)
-xl.jpg)
![As Galaxy Watch prepares a major change, which smartwatch design to you prefer? [Poll]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2024/07/Galaxy-Watch-Ultra-and-Apple-Watch-Ultra-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Beats Studio Buds + On Sale for $99.95 [Lowest Price Ever]](https://www.iclarified.com/images/news/96983/96983/96983-640.jpg)
![New iPad 11 (A16) On Sale for Just $277.78! [Lowest Price Ever]](https://www.iclarified.com/images/news/97273/97273/97273-640.jpg)
![Apple's 11th Gen iPad Drops to New Low Price of $277.78 on Amazon [Updated]](https://images.macrumors.com/t/yQCVe42SNCzUyF04yj1XYLHG5FM=/2500x/article-new/2025/03/11th-gen-ipad-orange.jpeg)
![[Exclusive] Infinix GT DynaVue: a Prototype that could change everything!](https://www.gizchina.com/wp-content/uploads/images/2025/05/Screen-Shot-2025-05-10-at-16.07.40-PM-copy.png)
![T-Mobile discontinues a free number feature but a paid alternative exists [UPDATED]](https://m-cdn.phonearena.com/images/article/170235-two/T-Mobile-discontinues-a-free-number-feature-but-a-paid-alternative-exists-UPDATED.jpg?#)
My Summer of Bitcoin 2025 Journey: Building, Simulating, and Securing Bitcoin Protocols
Author: Anshuman Ojha Email: anshumanojha91@gmail.com GitHub: H-ario-m LinkedIn: Anshuman Ojha Introduction I participated in the Summer of Bitcoin 2025 program, where I explored Bitcoin deeply at the protocol level. The experience was hands-on, rigorous, and focused on both Bitcoin Core and Lightning Network internals. I contributed to two distinct projects: Improving the fee estimation model in LND’s Sweeper subsystem. Fixing a critical key handover exploit in the Coinswap protocol. Through the bootcamp and these contributions, I developed technical skills in Bitcoin scripting, descriptor parsing, multisig construction, mempool validation, fee dynamics, and protocol security. Bootcamp Learnings Week 1 – RPC Interaction and OP_RETURN Transaction Goal: Interact with Bitcoin Core RPC, send a transaction with a payment and OP_RETURN. Technical Approach: Launched a Bitcoin node in regtest mode using Docker. Created a wallet using createwallet and generated addresses. Used generatetoaddress to mine blocks and earn testnet BTC. Built a raw transaction using createrawtransaction and fundrawtransaction. Added a secondary output with an OP_RETURN opcode, embedding the string: We are all Satoshi!! as binary. Signed and broadcasted the transaction using signrawtransactionwithwallet and sendrawtransaction. Learnings: Bitcoin Core's RPC system is highly programmable and allows complete control over node behavior. Embedding metadata in transactions using OP_RETURN provides provably unspendable outputs. Understanding UTXO funding and fee mechanics is essential for crafting valid transactions manually. Week 2 – P2SH-P2WSH 2-of-2 Multisig Transaction Goal: Manually construct a transaction spending from a P2SH-wrapped P2WSH address. Technical Approach: Used two private keys and a given redeem script. Constructed the scriptPubKey by hashing the redeem script and wrapping it in a P2SH. Built an unsigned transaction and computed the BIP143-style sighash. Signed using both private keys to produce ECDSA signatures. Constructed the scriptSig and witness fields: scriptSig: contained the serialized redeem script. witness: included both signatures and the serialized redeem script. Serialized the transaction into hex and verified structure manually. Learnings: Differentiated between scriptSig (legacy) and witness (SegWit). Understood how P2SH acts as a compatibility wrapper for newer SegWit scripts. Practiced signature validation at the byte level and verified redeem script correctness. Week 3 – Simulated Block Mining Goal: Mine a valid block from a mempool of transactions, respecting dependencies and fee rates. Technical Approach: Parsed JSON-encoded transactions with dependencies. Topologically sorted them to preserve input-output ordering. Calculated fee-to-weight ratios and selected optimal transactions under the block size limit. Created a Merkle root from the selected transactions. Built a block header including: Previous block hash Merkle root Timestamp, difficulty bits Nonce satisfying the PoW target: 0000ffff... Created a valid coinbase transaction with a dummy miner address. Learnings: Built a minimal Bitcoin miner simulator. Explored real transaction dependency resolution and mempool structure. Learned how PoW constraints interact with block content. Week 4 – Descriptor Parsing and Balance Aggregation with Esplora Goal: Parse a descriptor, derive addresses, and aggregate balance by querying Esplora. Technical Approach: Parsed the descriptor: wpkh(tpub.../*) using the bitcoinlib and BIP32 parsing. Derived child public keys and corresponding Bech32 addresses. Queried each address’s transactions using the local Esplora API (on port 8094). Continued deriving until 10 unused addresses were found (gap limit). Summed all confirmed UTXOs and output balance in BTC. Learnings: Gained familiarity with hierarchical deterministic wallets. Understood the descriptor format and gap limit behavior. Practiced using REST APIs to interact with Bitcoin indexers like Esplora. Project 1 – Dynamic Fee Function Optimization in LND Sweeper Problem The Sweeper in LND handles time-sensitive transactions such as HTLC timeouts. It currently uses a linear fee increase over time, which: Performs poorly during fee spikes. Wastes satoshis in low-fee periods. Is unconfigurable per use-case urgency. My Contribution 1. Researched and modeled multiple fee functions: Model Characteristics Linear Default; simple but inflexible Exponential Slow start, steep climb Stepped Discrete jumps; easier to predict Sigmoid Smooth S-shaped urgency growth Dynamic Based on mempool fee estimate feedback 2. Simulation and Evaluation: Built a test framework in Go that simulated mempool congestion scenarios. Metrics: Average fee paid Confirmation reliability Average time to confirm Function Avg
Author: Anshuman Ojha
Email: anshumanojha91@gmail.com
GitHub: H-ario-m
LinkedIn: Anshuman Ojha
Introduction
I participated in the Summer of Bitcoin 2025 program, where I explored Bitcoin deeply at the protocol level. The experience was hands-on, rigorous, and focused on both Bitcoin Core and Lightning Network internals. I contributed to two distinct projects:
- Improving the fee estimation model in LND’s Sweeper subsystem.
- Fixing a critical key handover exploit in the Coinswap protocol.
Through the bootcamp and these contributions, I developed technical skills in Bitcoin scripting, descriptor parsing, multisig construction, mempool validation, fee dynamics, and protocol security.
Bootcamp Learnings
Week 1 – RPC Interaction and OP_RETURN Transaction
Goal: Interact with Bitcoin Core RPC, send a transaction with a payment and OP_RETURN.
Technical Approach:
- Launched a Bitcoin node in
regtestmode using Docker. - Created a wallet using
createwalletand generated addresses. - Used
generatetoaddressto mine blocks and earn testnet BTC. - Built a raw transaction using
createrawtransactionandfundrawtransaction. - Added a secondary output with an
OP_RETURNopcode, embedding the string:We are all Satoshi!!as binary. - Signed and broadcasted the transaction using
signrawtransactionwithwalletandsendrawtransaction.
Learnings:
- Bitcoin Core's RPC system is highly programmable and allows complete control over node behavior.
- Embedding metadata in transactions using
OP_RETURNprovides provably unspendable outputs. - Understanding UTXO funding and fee mechanics is essential for crafting valid transactions manually.
Week 2 – P2SH-P2WSH 2-of-2 Multisig Transaction
Goal: Manually construct a transaction spending from a P2SH-wrapped P2WSH address.
Technical Approach:
- Used two private keys and a given redeem script.
- Constructed the
scriptPubKeyby hashing the redeem script and wrapping it in a P2SH. - Built an unsigned transaction and computed the BIP143-style sighash.
- Signed using both private keys to produce ECDSA signatures.
-
Constructed the
scriptSigandwitnessfields:-
scriptSig: contained the serialized redeem script. -
witness: included both signatures and the serialized redeem script.
-
Serialized the transaction into hex and verified structure manually.
Learnings:
- Differentiated between
scriptSig(legacy) andwitness(SegWit). - Understood how P2SH acts as a compatibility wrapper for newer SegWit scripts.
- Practiced signature validation at the byte level and verified redeem script correctness.
Week 3 – Simulated Block Mining
Goal: Mine a valid block from a mempool of transactions, respecting dependencies and fee rates.
Technical Approach:
- Parsed JSON-encoded transactions with dependencies.
- Topologically sorted them to preserve input-output ordering.
- Calculated fee-to-weight ratios and selected optimal transactions under the block size limit.
- Created a Merkle root from the selected transactions.
-
Built a block header including:
- Previous block hash
- Merkle root
- Timestamp, difficulty bits
- Nonce satisfying the PoW target:
0000ffff...
Created a valid coinbase transaction with a dummy miner address.
Learnings:
- Built a minimal Bitcoin miner simulator.
- Explored real transaction dependency resolution and mempool structure.
- Learned how PoW constraints interact with block content.
Week 4 – Descriptor Parsing and Balance Aggregation with Esplora
Goal: Parse a descriptor, derive addresses, and aggregate balance by querying Esplora.
Technical Approach:
- Parsed the descriptor:
wpkh(tpub.../*)using thebitcoinliband BIP32 parsing. - Derived child public keys and corresponding Bech32 addresses.
- Queried each address’s transactions using the local Esplora API (on port
8094). - Continued deriving until 10 unused addresses were found (gap limit).
- Summed all confirmed UTXOs and output balance in BTC.
Learnings:
- Gained familiarity with hierarchical deterministic wallets.
- Understood the descriptor format and gap limit behavior.
- Practiced using REST APIs to interact with Bitcoin indexers like Esplora.
Project 1 – Dynamic Fee Function Optimization in LND Sweeper
Problem
The Sweeper in LND handles time-sensitive transactions such as HTLC timeouts. It currently uses a linear fee increase over time, which:
- Performs poorly during fee spikes.
- Wastes satoshis in low-fee periods.
- Is unconfigurable per use-case urgency.
My Contribution
1. Researched and modeled multiple fee functions:
| Model | Characteristics |
|---|---|
| Linear | Default; simple but inflexible |
| Exponential | Slow start, steep climb |
| Stepped | Discrete jumps; easier to predict |
| Sigmoid | Smooth S-shaped urgency growth |
| Dynamic | Based on mempool fee estimate feedback |
2. Simulation and Evaluation:
Built a test framework in Go that simulated mempool congestion scenarios. Metrics:
- Average fee paid
- Confirmation reliability
- Average time to confirm
| Function | Avg Fee | Conf. Rate | Time to Confirm |
|---|---|---|---|
| Linear | 62.7 | 91.5% | 10.6 blocks |
| Dynamic | 53.9 | 97.4% | 8.2 blocks |
3. Implementation Design:
- Made fee functions modular and injectable.
- Exposed configuration via RPC.
- Built test cases simulating fast confirmation and cost sensitivity scenarios.
Learnings
- Learned about fee estimation challenges in Lightning’s context.
- Practiced writing performance-aware Go code.
- Designed empirical evaluation frameworks for fee dynamics.
Project 2 – Coinswap Protocol: Fixing the Private Key Handover Exploit
Vulnerability
In the original Coinswap settlement flow, the maker sends their private key before the taker sends theirs, based only on receiving the hash preimage. This enabled the taker to:
- Obtain maker’s key.
- Withhold their own.
- Complete swap with the final party while skipping fees to intermediates.
Exploit Example
Taker -> Maker: sends preimage
Maker -> Taker: sends private key (vulnerable)
Taker disconnects (never sends key back)
Solution
New Message Flow:
Taker -> Maker: RespHashPreimage
Maker -> Taker: HashPreimageAcknowledged
Taker -> Maker: RespPrivKeyHandover
Maker: Verifies key
Maker -> Taker: RespPrivKeyHandover
Implementation:
- Added
HashPreimageAcknowledgedenum in protocol message types. - Updated
maker/handlers.rsto store intermediate state and delay key sharing. - Implemented key verification before final handover.
- Modified
taker/api.rsto wait for acknowledgment and send keys before receiving any. -
Wrote full unit and integration tests:
- Malicious taker detection
- Cross-maker chain simulation
- Failure injection
Learnings
- Identified and fixed a multi-hop atomic swap vulnerability.
- Gained experience in secure multi-party message sequencing.
- Implemented state machines in Rust with resilience to adversarial behavior.
Final Reflections
Summer of Bitcoin was more than just building code—it was about engaging with Bitcoin’s foundations, identifying real-world challenges, and proposing secure, scalable, and efficient solutions.
Technically, I learned to:
- Write and interpret low-level Bitcoin transactions.
- Simulate and optimize mempool-based fee strategies.
- Secure privacy protocols from adversarial takers.
- Use Bitcoin Core, Esplora, Rust, Go, and Docker at a production level.
Personally, I learned to:
- Think adversarially about security.
- Move from abstract specs to secure implementations.
- Collaborate with maintainers and propose upstream fixes.
Connect With Me
- GitHub: H-ario-m
- Email: anshumanojha91@gmail.com
- LinkedIn: Anshuman Ojha
